[Snyk] Fix for 4 vulnerabilities

[piranna]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: finalhandler

The new version differs by 104 commits.

• ed4c24d 1.0.6
• ec3693e deps: debug@2.6.9
• 56992d0 1.0.5
• 933adc8 build: Node.js@8.5
• c7ae24a deps: parseurl@~1.3.2
• eb13417 docs: fix syntax highlighting
• 91f81bb build: Node.js@8.4
• 85049f8 1.0.4
• 86d4c39 build: eslint-plugin-node@5.1.1
• 8d62a08 build: Node.js@8.2
• 44e024f build: readable-stream@2.3.3
• 7f7ebad build: eslint-plugin-node@5.1.0
• 3cbd16a build: eslint-plugin-import@2.7.0
• 3396636 build: safe-buffer@5.1.1
• 6193e13 build: support Node.js 8.x
• 5b2adb9 build: Node.js@6.11
• dd31a7c build: readable-stream@2.2.11
• ad6d3bd build: eslint-plugin-import@2.5.0
• 1258510 build: eslint-plugin-node@5.0.0
• 798415c deps: debug@2.6.8
• 0425ae6 1.0.3
• 3fcdbc0 deps: debug@2.6.7
• fb8fecd build: eslint-plugin-markdown@1.0.0-beta.6
• a49f580 build: Node.js@7.10

See the full diff

Package name: ws

The new version differs by 198 commits.

• 6dd88e7 [dist] 5.2.3
• 76d47c1 [security] Fix ReDoS vulnerability
• 5d55e52 [dist] 5.2.2
• 8aba871 [fix] Fix use after invalidation bug
• 175ce46 [dist] 5.2.1
• 307be7a [fix] Remove the `'data'` listener when the receiver emits an error
• 6046a28 [fix] Do not prematurely remove the listener of the `'data'` event
• bf9b2ec chore(package): update nyc to version 12.0.2 (#1395)
• bcab531 chore(package): update eslint-plugin-promise to version 3.8.0 (#1389)
• e4d032c [dist] 5.2.0
• e7bfe5f chore(package): update mocha to version 5.2.0 (#1385)
• 6dae94b chore(package): update eslint-plugin-import to version 2.12.0 (#1384)
• aebda2b chore(package): update nyc to version 11.8.0 (#1382)
• d871bdf [feature] Add `headers` argument to `verifyClient()` callback (#1379)
• bb9c21c [test] Fix failing test on node 10
• 6d8f1f4 [ci] Test on node 10
• 4385c78 [doc] Add `request` to emit arguments in shared server example (#1372)
• 690b3f2 [minor] Replace bound function with arrow function
• 9dc25a3 chore(package): update nyc to version 11.7.1 (#1364)
• a81e580 chore(package): update mocha to version 5.1.0 (#1362)
• 3215cf3 chore(package): update eslint-plugin-import to version 2.11.0 (#1361)
• 0100d82 [doc] Improve FAQ example for X-Forwarded-For header (#1360)
• c801e99 [doc] Improve docs and examples (#1355)
• 10c92ff [dist] 5.1.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn